it.ucsf.edu

Password FAQ

Erik Wieland's picture

Frequently Asked Questions about password management at UCSF. Need help? Please contact the IT Service Desk at 415-514-4100.

Required Password Change

What's happening, and why?

When is the Password Acceleration starting and how long will it last?

What do I need to do?

When should I change my password?

What’s the most important part of changing my password?

How long do I have to change my password? What if I’m going out on vacation and don’t have time to change it right now?

Why do I need to change my password if I use Duo already?

I’d like to change my password now, and not wait for the email, how do I do that?

I have multiple accounts, how do I know what account needs to have its password changed?

Does the required password change also apply to resource accounts?

Can I use the same password across all my accounts?

Password Quality

It’s so hard to pick a password and remember it! Do you have any tips?

Is the length requirement 12 or 15 characters?

Why is the password tool making me use 15 characters for my new password?

Lockouts

I keep getting locked out! What should I do?

How do I know what devices I’ve logged into in the past?

What is the number of failed login attempts before the password tool locks you out?

Can a locked AD account still log into the tool with a password or are security questions required?

What’s the difference between a locked AD account and a locked password tool profile?

Password Management Tool & Mobile App

On the security questions page, when I click on "reveal answers" nothing happens. Is this a bug?

I’ve loaded the Hitachi ID Mobile Access app onto my phone, but sometimes when I open the app it’s blank. What’s wrong?

Required Password Change

What's happening, and why?

Protecting UCSF against growing cybersecurity threats continues to be a priority as we enter 2019. Beginning in February, you will be asked to strengthen your UCSF password (i.e., the password you use to log into your computer, email, and access the UCSF network) by making it longer and more complex. Using a strong password or passphrase is a security fundamental. Other measures – like Duo two-factor authentication – also help but do not protect all systems. When it is your turn, you will receive an email from [email protected] that will include detailed instructions and a link to our new UCSF Password Management Tool. Please be sure to enroll in the tool because, in addition to using the tool to change your password, you can use it to unlock your account on your own without needing to call the IT Service Desk. Since we all carry multiple devices (laptops, phones, tablets, etc.) it is relatively easy to get locked out of your account when changing your password so please follow the instructions carefully to help make it a smooth experience. If you already changed your password in the last few months to meet the new requirements, then you should not be asked to change it again.

When is the Password Acceleration starting and how long will it last?

We are ramping up password changes on February 12, and it will run until we’ve processed all the accounts that need a password change, probably June 2019.

What do I need to do?

Enroll in UCSF’s new password tool here, or go to a security pop-up event at your campus. Be sure to also download the app for your mobile phone, because that can help you unlock your account in case you get locked out. Don’t change your password until you’re prompted though, because you’ll get detailed instructions on how to do it.

When should I change my password?

Wait for the email asking you to change your password. It will include detailed instructions. You will have 3 weeks to complete a password change.

What’s the most important part of changing my password?

Be sure to follow the instructions! Many of us have more than 1 computer and we login to email on our cell phone, so it’s important to do the steps in order on each device.

How long do I have to change my password? What if I’m going out on vacation and don’t have time to change it right now?

You have 3 weeks from the day you get the first email.

Why do I need to change my password if I use Duo already?

Duo is required for some logins, but not all. UCSF’s password policy has also changed to require a 12 character password.

I’d like to change my password now, and not wait for the email, how do I do that?

Go here and follow the directions carefully.

I have multiple accounts, how do I know what account needs to have its password changed?

The email will tell you the domain and accountname “Campus\SimpsonH” for example.

Does the required password change also apply to resource accounts?

Resource accounts are out of scope for this project. Only Active Directory (AD) accounts that are active, mail-enabled, and have an employee ID beginning with “02” are in scope.

Can I use the same password across all my accounts?

Passwords cannot be the same across accounts regardless of whether they’re standard or elevated privilege accounts. After you change your password on one account, the tool will not accept the same password for your other accounts.

Password Quality

It’s so hard to pick a password and remember it! Do you have any tips?

It’s helpful to pick a passphrase that you’ll remember, something like “[email protected]”. See here for tips.

AnchorIs the length requirement 12 or 15 characters?

The requirement for elevated access AD accounts is 15 characters. The requirement for all other AD accounts is 12 characters.

AnchorWhy is the password tool making me use 15 characters for my new password?

Your account may have some extra access which means it is considered an elevated account and requires a minimum of 15 characters.

Lockouts

I keep getting locked out! What should I do?

First, make sure you’ve enrolled in the password tool and downloaded the password mobile application on your cell phone. You should be able to unlock your account in the tool. Second, think about other devices where you might have logged in with your old password. Contact the Service Desk at 415-514-4100 to have someone help you troubleshoot.

How do I know what devices I’ve logged into in the past?

That’s a good question. Think about your phone, tablet, a presentation laptop your department might use, your home computer, etc. Check them all to be sure.

What is the number of failed login attempts before the password tool locks you out?

Three failed password or security answer attempts will lock you out of the UCSF Password Management Tool, and you will need to call the IT Service Desk to have your profile unlocked.

Can a locked AD account still log into the tool with a password or are security questions required?

A security question is required. Though please note that neither security question nor password will work if the password tool profile is locked.

What’s the difference between a locked AD account and a locked password tool profile?

Locked AD accounts due to password failures will auto-unlock after 15 minutes of inactivity. A locked profile in the password tool will remain locked until the Service Desk unlocks it. The Hitachi ID mobile app will not circumvent a locked password.ucsf.edu profile.

Password Management Tool & Mobile App

On the security questions page, when I click on "reveal answers" nothing happens. Is this a bug?

The “Reveal answers” button only works on answers you’ve just typed, not on previously stored answers. Once you submit the changes, the answers are encrypted and cannot be revealed. The “Reveal answers” button is a convenience feature to allow users to verify they typed what they thought they typed, since there is no answer verification process.

I’ve loaded the Hitachi ID Mobile Access app onto my phone, but sometimes when I open the app it’s blank. What’s wrong?

This is a funny quirk, but you should not need to reload the app or re-register your device. Try tapping on another option besides “Profiles” at the bottom, then back to “Profiles” and it should reload.